Which THREE of the following are valid characteristics of a next-generation firewall (NGFW) compared to a traditional stateful firewall? (Choose three.)
NGFWs can decrypt encrypted traffic for inspection.
Why this answer
A is correct because NGFWs can perform SSL/TLS decryption and inspection, allowing them to examine encrypted traffic for threats. Traditional stateful firewalls only inspect packet headers and state information, leaving encrypted payloads unexamined. This capability is critical for detecting malware or data exfiltration hidden in HTTPS sessions.
Exam trap
Cisco often tests the misconception that NAT and VPNs are exclusive to NGFWs, when in fact they are common features of both traditional stateful firewalls and NGFWs.